Can anybody please provide me with advice on constructing a SQL
Injection? I am currently auditing a web application. During the audit
I performed a Paros scan. The Paros scan resulted in showing several
area's were a SQL injection is possible; however, unless I can exploit a
SQL injection then I am not able to prove that SQL injection is
possible. I am not looking for complex statements, just something
simple that will provide me information to prove injection is possible.
If you cannot provide this information could you please provide me with
a reference to a book or web page that can.
Thank you,
Albert E. Schmidt, CPA
Senior Information System Auditor
Office of Legislative Audits
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/http://www.webappsec.org/rss/websecurity.rss [RSS Feed]